Top 10 Tips from @MontecitoBank’s @805startups Cyber-Security Event

montecito_logo

We had a really great event with Montecito Bank & Trust last week.  You missed out if you weren’t there!  See the top 10 takeaways below.

  • Exploit kits (compromises occurring through infected websites) are by far the most common method used to deliver malware (ransomware, banking Trojans, etc.)
  • Ransomware is becoming the most common type of malware we see because it’s so easy to deliver and profit from. In addition, banking malware runs in the background on your machine that is standing ready to collect your online banking credentials the next time you log in. This scheme, called “account takeover”, allows the thieves to log into your online banking account on your behalf to transfer your hard-earned money out of your accounts.  Consider the case of the California escrow firm, Efficient Escrow Group, who was hacked in December 2012 and January 2013. A banking Trojan allowed hackers to remotely issue wires totaling $1.5 million to Russia and China on 3 separate occasions.
  • Phishing can also be used to collect your credentials.  Emails or pop-ups might appear to be coming from legitimate banking institutions, or even VISA or MasterCard.  Instead of clicking on the links embedded within emails or in pop-up windows, locate the websites and phone numbers yourself off of prior correspondence or dealings and go directly to the source yourself.  Consider downloading Trusteer, a solution we have partnered with IBM on to offer our clients that will warn you of potential malware running on your computer, or risks inherent with sites you might be visiting.  Download the tool at https://montecito.bank/trusteer or https://montecito.bank/trusteer-mac.
  • Montecito Bank & Trust us also protecting our customers through its new .bank domain at https://Montecito.bank.  The .bank domain is only open to banks that are verified by their regulator. Because the .bank domain is verified and authenticated, phishing, spoofing, internet scams and malicious emails that target bank customers should be reduced.  In addition, the .bank extension incorporates the latest security requirements and best practices to ensure that you are landing on our actual website and not being misdirected to malicious ones. It also requires email authentication & verification to mitigate spoofing, phishing, and other malicious activities propagated through emails.
  • User awareness is critical, be suspicious.  Stop and think before reacting to emails with links or requests like wire transfers, even if the email appears to be from someone you know.  Fraudsters deliberately create a sense of urgency. Consider signing up for public service announcements from the FBI to keep abreast of new internet crime scams at https://www.fbi.gov/about-us/investigate/cyber.  More information about the types of scams being investigated by the FBI can be found here:  https://www.fbi.gov/scams-safety/fraud .
  • Update your software regularly and use the vendor’s automatic software update features.  Especially tools used to connect to the internet (OS, browser, plugins like java flash and acrobat).
  • If you run a website update your platform regularly and consider hardening your CMS by restricting /admin or equivalent to trusted IP addresses only, enable 2 factor authentication on registrar account and DNS provider.  If possible use a WAF like and enable rules specific to your platform (e.g. Joomla or WordPress). Filter websites especially the unrated/uncategorized sites if possible.
  • If you accept credit or debit cards as payment for your services, contact your bank for an EMV-compliant terminal.  You may also want to ask for a “contactless” terminal to enable you to accept other types of tokenized payment methods. ApplePay, SamsungPay, Android pay, etc. are improvements in both convenience and security.  When you use them your credit card information is never shared with the merchant. A “token” is a special code associated with your account number.  Tokenization technology is unique in that they replace your account data with a unique number that is useless if stolen:  http://www.aba.com/Tools/Function/Technology/Documents/Tokenization-Infographic.pdf.
  • We are seeing another type of fraud on the rise, called “business email compromise” or “masquerading”.  This is a type of payment fraud that involves the compromise of legitimate e-mail accounts for the purpose of requesting an unauthorized wire transfer.  After an e-mail account is compromised, actors use the compromised account or a spoofed account to send wire transfer instructions. The funds are primarily sent to Asia, but funds have also been sent to other countries all over the world.   Visit https://montecito.bank to download our “Need to Know: CEO Wire Fraud” sheet now for additional tips on protecting your business against email fraud.
  • Finally, as tax season is now upon us, remain alert to IRS email or phone scams claiming you owe taxes.  Also watch for requests to add users to your QuickBooks accounts, even if the requests appear to be coming from your CPA or local banker.  Crooks could be masquerading as someone you know through a hacked email account to get access to your money or accounts.  Consider employing a two-factor authentication protocol for your company to verify requests for credentials or for transferring money.

Cyber Security: Defense in Depth – FREE workshop from @montecitobank

montecito_logoWe’re extremely excited to announce that we’re hosting Montecito Bank & Trust, one of 805 Startups’ top supporters’ cyber security class led by Paul Abramson, their Director of Technology and Laurel Sykes, their Chief Risk Officer at the Cal Lutheran Center for Entrepreneurship in Westlake Village.  The class was created for proprietors, CEOs, CFOs, finance managers and IT Managers.

Join us at this FREE workshop to learn:

  • Lessons from real world stories of email compromises
  • Critical tips to aid in prevention and response
  • How to develop a layered security approach in your organization
  • How attackers spread malware, steal passwords and defraud businesses
— RSVP to Jamie at jperez@montecito.bank or on the 805 Startups Meetup group —

Feel free to share and post the official flyer below:

montecito_cyber_security

Meet the Associates from @AmplifyLA, @tenone10 & @KarlinVentures at the next @805startups

805startups-MeetTheAssociates

We’re extremely excited to have Chris Olson from Ampify.LA, Arteen Arabshahi from Karlin Ventures and Austin Clements from TenOneTen Ventures at the next 805 Startups investor panel.  All three of these guys come from really great funds and have diverse experience working with early stage startups.

In most cases, when your startup applies, or reaches out to these funds, these guys are the first line of defense.  Not only that, but they’re also sourcing deals, taking meetings, doing the due-diligence and helping make the final decision of whether or not to back your company.

Come join us on the 18th and learn about what gets them excited.

RSVP HERE.

Welcome @MontecitoBank & @StubbsAlderton to our amazing group of @805startups sponsors!!!

We’re less than 2 weeks away from the big event and I am super excited to announce that Montecito Bank & Trust, and Stubbs Alderton & Markiles, LLP have come on board to sponsor us.

montecito_and_Stubbs

If you’re at all familiar with either of these groups, you know how lucky we are to have them on our team.  They’re both local, both very entrepreneur friendly, and they’re both obviously forward thinking.  😛

They’ll both have representatives at the event, but if you need a direct intro to either of them, let me know.

Community Leaders Being Honored at next @805startups

Hi, Friends!

I’m excited to announce the amazing community leaders we’re honoring at the next event.  See their info below and please support everything they do!  They are an impressive group of folks on all accounts, but also please remember that they are being honored because of their amazing work in OUR community.  For that reason, I included a link to each of their local groups they run.  Please join and support their groups!

Tweet: Community Leaders Being Honored at next @805startups

Honoree Bios:

Kyle Ashby – StartupSB

Kyle-Ashby-HeadshotKyle Ashby is an entrepreneur, community builder, startup advisor and avid explorer who never sits still.  The founder of Kaldera, an advisory firm that focuses on strategy, innovation, growth and community building, Kyle works with other entrepreneurs, startups, companies and organizations.  He is also the Co Founder of the Impact Hub Santa Barbara, a creative workspace for entrepreneurs making change (opening at the end of 2015), and the fire-starter behind StartupSB, a 1500+ member entrepreneurial network that connects central coast entrepreneurs, startups, investors and resources.  He also founded Travel in Central America, a company providing unique travel experiences (like baseball team tours) in Central America. He was part of the founding team of BrandLive (an interactive video platform) and Mobile Corporation.  He’s also worked in executive, marketing and project management roles with a number of multinational companies and technology startups.  As a Startup America Champion and Startup Weekend Global facilitator, Kyle has visited and interacted with 100’s of startup communities in the US and the World and has coordinated events from Australia to Aspen as well as all of the Startup Weekend Santa Barbara events.  Kyle has also taught classes in marketing, innovation, and entrepreneurship in the Technology Management Program at the University of California and at Antioch University Santa Barbara.  He has an MBA from Babson College and undergraduate degrees in Film Studies and Geography from UC Santa Barbara.

Daniel Ball – Westlake Village Lean Startup Meetup

Daniel BallDaniel Ball is an expert in early-stage product development and strategic marketing, and teaches a variety of programs in the startup community including entrepreneurship at UCLA Extension and 3 years of running intensive programs for entrepreneurs in Santa Monica through the Startup Next organization.  Startup Next is a global, pre-accelerator program affiliated with Startup Weekend, Google for Entrepreneurs, and is now part of the Techstars global brand.  As the Los Angeles City Coordinator for Startup Next, he has personally worked with over 50 startups to develop their product or business ideas and help prepare them for pitching to investors or accelerator programs, bringing in mentors from the startup community.  He has an MBA from UCLA’s Anderson School of Management and a Bachelors of Science in Business from UC Berkeley.
His professional career outside of teaching includes 16 years of experience in the healthcare industry as a product manager and marketing manager, with focused expertise on early-stage product development, strategic marketing, and market research.  He is active in the startup community, runs Lean Startup Meetup groups, Startup Weekend events, and is currently with Techstars, the leading global accelerator program, as they partner with Disney to run the Disney Accelerator in Los Angeles for entertainment startups.
Vanessa Ting Anderson – Women STEM Entrepreneurs

Vanessa TingVanessa Ting is a former corporate executive and now an entrepreneur and leader in women’s venture development.

As a former Retail Buyer for Target Corporation and marketer for Neutrogena, Vanessa Ting now helps consumer brands strengthen their appeal to major retail buyers nationwide through two businesses, Buyerly.com and Retail Path. Over her career, she has brought dozens of products to market for brands such as Neutrogena, Listerine, Church & Dwight, as well as items sold at Target, Walmart, CVS, Kroger, and more.

Her companies are guided by her passion for cultivating women-led businesses. Her work in venture development advances women entrepreneurship by supplying resources and education to foster long-term growth, as well as to inspire the next generation of female entrepreneurs. She leads women in STEM initiatives in Ventura County and is an advocate of the Conejo Valley startup ecosystem.

Vanessa holds a BA from University of Southern California and an MBA from Georgetown University. She has 16+ years of marketing and retail experience and now operates two companies – Retail Path, a retail consulting firm, and award-winningBuyerly, a B2B website that connects retail buyers and emerging consumer brands for product feedback and wholesale orders.

Sean Bhardwaj – Ventura Ventures
Sean HeadshotSean Bhardwaj is the Founder and CEO of Aspire 3 where he creates programs and partnerships between education, business, government, and community organizations to develop the next generation of entrepreneurs. He is also the Executive Director at the Ventura Ventures Technology Center, a business incubator dedicated to growing technology based companies and jobs in Ventura.  Sean’s background is in Product Management and Market Development and is the Chair of the Social Justice Fund for Ventura County, and involved with the Ventura County Civic Alliance and the Youth Council of the Workforce Investment Board of Ventura County. He holds a bachelor’s degree in Business Administration with a focus on Global Marketing and Consumer Behavior from the University of Southern California.